Warning: Permanently added '10.128.0.179' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 26.715003][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 26.954539][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 27.074671][ T12] usb 1-1: config 0 has an invalid interface number: 116 but max is 0
[ 27.082979][ T12] usb 1-1: config 0 has no interface number 0
[ 27.089167][ T12] usb 1-1: config 0 interface 116 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 8
[ 27.099022][ T12] usb 1-1: config 0 interface 116 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 8
[ 27.109149][ T12] usb 1-1: New USB device found, idVendor=05a3, idProduct=8388, bcdDevice= 6.0e
[ 27.118542][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 27.128007][ T12] usb 1-1: config 0 descriptor??
[ 27.171143][ T102] usb 1-1: Direct firmware load for libertas/usb8388_olpc.bin failed with error -2
[ 27.180767][ T102] usb 1-1: Direct firmware load for libertas/usb8388_v9.bin failed with error -2
[ 27.190161][ T102] usb 1-1: Direct firmware load for libertas/usb8388_v5.bin failed with error -2
[ 27.199507][ T102] usb 1-1: Direct firmware load for libertas/usb8388.bin failed with error -2
[ 27.211853][ T102] usb 1-1: Direct firmware load for usb8388.bin failed with error -2
[ 27.223509][ T102] ==================================================================
[ 27.231655][ T102] BUG: KASAN: global-out-of-bounds in load_next_firmware_from_table+0x267/0x2d0
[ 27.240660][ T102] Read of size 8 at addr ffffffff8608e138 by task kworker/0:2/102
[ 27.248440][ T102]
[ 27.250752][ T102] CPU: 0 PID: 102 Comm: kworker/0:2 Not tainted 5.3.0-rc5+ #28
[ 27.258276][ T102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.268560][ T102] Workqueue: events request_firmware_work_func
[ 27.274695][ T102] Call Trace:
[ 27.278315][ T102] dump_stack+0xca/0x13e
[ 27.282535][ T102] ? load_next_firmware_from_table+0x267/0x2d0
[ 27.289022][ T102] ? load_next_firmware_from_table+0x267/0x2d0
[ 27.295268][ T102] print_address_description+0x6a/0x32c
[ 27.300960][ T102] ? load_next_firmware_from_table+0x267/0x2d0
[ 27.307140][ T102] ? load_next_firmware_from_table+0x267/0x2d0
[ 27.313300][ T102] __kasan_report.cold+0x1a/0x33
[ 27.318244][ T102] ? load_next_firmware_from_table+0x267/0x2d0
[ 27.324384][ T102] kasan_report+0xe/0x12
[ 27.328626][ T102] load_next_firmware_from_table+0x267/0x2d0
[ 27.334587][ T102] ? main_firmware_cb+0x100/0x100
[ 27.339699][ T102] helper_firmware_cb+0xdc/0x100
[ 27.344703][ T102] request_firmware_work_func+0x126/0x242
[ 27.350430][ T102] ? request_firmware_into_buf+0x90/0x90
[ 27.356104][ T102] process_one_work+0x92b/0x1530
[ 27.361035][ T102] ? pwq_dec_nr_in_flight+0x310/0x310
[ 27.366396][ T102] ? do_raw_spin_lock+0x11a/0x280
[ 27.371401][ T102] worker_thread+0x96/0xe20
[ 27.376093][ T102] ? process_one_work+0x1530/0x1530
[ 27.381283][ T102] kthread+0x318/0x420
[ 27.385340][ T102] ? kthread_create_on_node+0xf0/0xf0
[ 27.390819][ T102] ret_from_fork+0x24/0x30
[ 27.395469][ T102]
[ 27.397769][ T102] The buggy address belongs to the variable:
[ 27.403728][ T102] fw_table+0x98/0x5c0
[ 27.407882][ T102]
[ 27.410266][ T102] Memory state around the buggy address:
[ 27.416045][ T102] ffffffff8608e000: fa fa fa fa 00 04 fa fa fa fa fa fa 00 00 05 fa
[ 27.424089][ T102] ffffffff8608e080: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.432134][ T102] >ffffffff8608e100: 00 00 00 00 00 00 fa fa fa fa fa fa 00 00 00 00
[ 27.440262][ T102] ^
[ 27.446157][ T102] ffffffff8608e180: 00 00 00 01 fa fa fa fa 00 00 00 00 02 fa fa fa
[ 27.454320][ T102] ffffffff8608e200: fa fa fa fa 00 03 fa fa fa fa fa fa 00 00 00 00
[ 27.462371][ T102] ==================================================================
[ 27.470412][ T102] Disabling lock debugging due to kernel taint
[ 27.476639][ T102] Kernel panic - not syncing: panic_on_warn set ...
[ 27.483318][ T102] CPU: 0 PID: 102 Comm: kworker/0:2 Tainted: G B 5.3.0-rc5+ #28
[ 27.492689][ T102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.502741][ T102] Workqueue: events request_firmware_work_func
[ 27.508881][ T102] Call Trace:
[ 27.512154][ T102] dump_stack+0xca/0x13e
[ 27.516384][ T102] panic+0x2a3/0x6da
[ 27.520255][ T102] ? add_taint.cold+0x16/0x16
[ 27.524914][ T102] ? load_next_firmware_from_table+0x267/0x2d0
[ 27.531046][ T102] ? trace_hardirqs_on+0x55/0x1e0
[ 27.536048][ T102] ? load_next_firmware_from_table+0x267/0x2d0
[ 27.542264][ T102] end_report+0x43/0x49
[ 27.546407][ T102] ? load_next_firmware_from_table+0x267/0x2d0
[ 27.552538][ T102] __kasan_report.cold+0xd/0x33
[ 27.557364][ T102] ? load_next_firmware_from_table+0x267/0x2d0
[ 27.563662][ T102] kasan_report+0xe/0x12
[ 27.567883][ T102] load_next_firmware_from_table+0x267/0x2d0
[ 27.573841][ T102] ? main_firmware_cb+0x100/0x100
[ 27.578838][ T102] helper_firmware_cb+0xdc/0x100
[ 27.583755][ T102] request_firmware_work_func+0x126/0x242
[ 27.589454][ T102] ? request_firmware_into_buf+0x90/0x90
[ 27.595127][ T102] process_one_work+0x92b/0x1530
[ 27.600075][ T102] ? pwq_dec_nr_in_flight+0x310/0x310
[ 27.605433][ T102] ? do_raw_spin_lock+0x11a/0x280
[ 27.610440][ T102] worker_thread+0x96/0xe20
[ 27.615635][ T102] ? process_one_work+0x1530/0x1530
[ 27.620984][ T102] kthread+0x318/0x420
[ 27.625029][ T102] ? kthread_create_on_node+0xf0/0xf0
[ 27.630382][ T102] ret_from_fork+0x24/0x30
[ 27.635385][ T102] Kernel Offset: disabled
[ 27.639690][ T102] Rebooting in 86400 seconds..